Shedding Light Into the Darknet: Scanning Characterization and Detection of Temporal Changes

Network telescopes provide a unique window into Internet-wide malicious activities associated with malware propagation, denial of service attacks, network reconnaissance, and others. Analyses of this telescope data can highlight ongoing malicious events in the Internet which can be used to prevent or mitigate cyber-threats in real-time. However, large telescopes observe millions of events on a daily basis which renders the task of transforming this knowledge to meaningful insights challenging. In order to address this, we present a novel framework for characterizing Internet's background radiation and for tracking its temporal evolution. The proposed framework: (i) Extracts a high dimensional representation of telescope scanners composed of features distilled from telescope data and learns an information-preserving low-dimensional representation of these events that is amenable to clustering; (ii) Performs clustering of resulting representation space to characterize the scanners and (iii) Utilizes the clustering outcomes as "signatures" to detect temporal changes in the network telescope.



Work Title Shedding Light Into the Darknet: Scanning Characterization and Detection of Temporal Changes
Open Access
  1. Rupesh Prajapati
  2. Vasant Honavar
  3. Dinghao Wu
  4. John Yen
  5. Michalis Kallitsis
License In Copyright (Rights Reserved)
Work Type Article
  1. ACM
Publication Date December 2, 2021
Publisher Identifier (DOI)
  1. 10.1145/3485983.3493347
  1. Proceedings of the 17th International Conference on emerging Networking EXperiments and Technologies
Deposited July 22, 2022




This resource is currently not in any collection.

Work History

Version 1

  • Created
  • Added Darknet_poster__CoNEXT_2021-1.pdf
  • Added Creator Rupesh Prajapati
  • Added Creator Vasant Honavar
  • Added Creator Dinghao Wu
  • Added Creator John Yen
  • Added Creator Michalis Kallitsis
  • Published